Merge pull request #569 from mythi/PR-2021-010

sgx: update SGX SDK/DCAP versions
2025-06-03 03:59:37 +00:00 · 2021-02-18 10:58:45 +02:00 · 2021-02-18 10:58:45 +02:00 · d0ab71c93a
commit d0ab71c93a
parent 1a522bbee2 abfa3496a2
6 changed files with 12 additions and 13 deletions
--- a/cmd/sgx_plugin/README.md
+++ b/cmd/sgx_plugin/README.md
@ -64,8 +64,7 @@ The component has the same basic dependancies as the
 [generic plugin framework dependencies](../../README.md#about).
 The SGX device plugin requires Linux Kernel SGX drivers to be available. These drivers
-are currently available via [RFC patches on Linux Kernel Mailing List](https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-sgx.git).
+are available in Linux 5.11.
 RFC *v41* was used to validate what is written in this document.
 The hardware platform must support SGX Flexible Launch Control.
--- a/demo/sgx-sdk-demo/Dockerfile
+++ b/demo/sgx-sdk-demo/Dockerfile
@ -23,8 +23,8 @@ RUN apt-get update && \
 # SGX SDK is installed in /opt/intel directory.
 WORKDIR /opt/intel
-ARG SGX_SDK_INSTALLER=sgx_linux_x64_sdk_2.12.100.3.bin
+ARG SGX_SDK_INSTALLER=sgx_linux_x64_sdk_2.13.100.4.bin
-ARG DCAP_VERSION=DCAP_1.9
+ARG DCAP_VERSION=DCAP_1.10
 RUN echo "deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu bionic main" >> /etc/apt/sources.list.d/intel-sgx.list \
 && wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | apt-key add - \
@ -35,7 +35,7 @@ RUN echo "deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu bio
    libsgx-quote-ex-dev
 # Install SGX SDK
-RUN wget https://download.01.org/intel-sgx/sgx-linux/2.12/distro/ubuntu18.04-server/$SGX_SDK_INSTALLER \
+RUN wget https://download.01.org/intel-sgx/sgx-linux/2.13/distro/ubuntu18.04-server/$SGX_SDK_INSTALLER \
 && chmod +x  $SGX_SDK_INSTALLER \
 && echo "yes" | ./$SGX_SDK_INSTALLER \
 && rm $SGX_SDK_INSTALLER
--- a/deployments/operator/samples/deviceplugin_v1_sgxdeviceplugin.yaml
+++ b/deployments/operator/samples/deviceplugin_v1_sgxdeviceplugin.yaml
@ -9,4 +9,4 @@ spec:
  provisionLimit: 110
  logLevel: 4
  nodeSelector:
-    feature.node.kubernetes.io/sgx: 'true'
+    feature.node.kubernetes.io/custom-intel.sgx: 'true'
--- a/deployments/sgx_aesmd/base/sgx_default_qcnl.conf
+++ b/deployments/sgx_aesmd/base/sgx_default_qcnl.conf
@ -1,2 +1,2 @@
-PCCS_URL=https://localhost:8081/sgx/certification/v2/
+PCCS_URL=https://localhost:8081/sgx/certification/v3/
 USE_SECURE_CERT=FALSE
--- a/deployments/sgx_enclave_apps/overlays/sgx_ecdsa_inproc_quote/sgx_default_qcnl.conf
+++ b/deployments/sgx_enclave_apps/overlays/sgx_ecdsa_inproc_quote/sgx_default_qcnl.conf
@ -1,2 +1,2 @@
-PCCS_URL=https://localhost:8081/sgx/certification/v2/
+PCCS_URL=https://localhost:8081/sgx/certification/v3/
 USE_SECURE_CERT=FALSE
--- a/deployments/sgx_nfd/nfd-worker.conf
+++ b/deployments/sgx_nfd/nfd-worker.conf
@ -1,6 +1,6 @@
 sources:
-  cpu:
+  custom:
-    cpuid:
+  - name: "intel.sgx"
-      attributeWhitelist:
+    matchOn:
-        - "SGX"
+      - kConfig: ["X86_SGX"]
-        - "SGXLC"
+        cpuId: ["SGX", "SGXLC"]
`@ -1,2 +1,2 @@`
	`PCCS_URL=https://localhost:8081/sgx/certification/v2/`	`PCCS_URL=https://localhost:8081/sgx/certification/v3/`
	`USE_SECURE_CERT=FALSE`	`USE_SECURE_CERT=FALSE`